launchpad-reviewers team mailing list archive
-
launchpad-reviewers team
-
Mailing list archive
-
Message #29664
[Merge] ~jugmac00/launchpad:grant-ppa-edit-permissions-to-launchpad-devs into launchpad:master
Jürgen Gmach has proposed merging ~jugmac00/launchpad:grant-ppa-edit-permissions-to-launchpad-devs into launchpad:master.
Commit message:
Grant Launchpad devs selected edit permissions for PPAs
Requested reviews:
Launchpad code reviewers (launchpad-reviewers)
For more details, see:
https://code.launchpad.net/~jugmac00/launchpad/+git/launchpad/+merge/437151
--
Your team Launchpad code reviewers is requested to review the proposed merge of ~jugmac00/launchpad:grant-ppa-edit-permissions-to-launchpad-devs into launchpad:master.
diff --git a/lib/lp/soyuz/configure.zcml b/lib/lp/soyuz/configure.zcml
index 893878a..fd31388 100644
--- a/lib/lp/soyuz/configure.zcml
+++ b/lib/lp/soyuz/configure.zcml
@@ -365,18 +365,18 @@
<require
permission="launchpad.Admin"
interface="lp.soyuz.interfaces.archive.IArchiveAdmin"
- set_attributes="authorized_size
- enabled_restricted_processors
+ set_attributes="enabled_restricted_processors
external_dependencies
name
permit_obsolete_series_uploads
- private
- publishing_method
- repository_format
require_virtualized"/>
<require
permission="launchpad.Moderate"
- set_schema="lp.soyuz.interfaces.archive.IArchiveRestricted"/>
+ set_schema="lp.soyuz.interfaces.archive.IArchiveRestricted"
+ set_attributes="authorized_size
+ private
+ publishing_method
+ repository_format"/>
<require
permission="launchpad.InternalScriptsOnly"
set_attributes="dirty_suites distribution signing_key_owner
diff --git a/lib/lp/soyuz/security.py b/lib/lp/soyuz/security.py
index 7df030b..b6b5cf0 100644
--- a/lib/lp/soyuz/security.py
+++ b/lib/lp/soyuz/security.py
@@ -414,9 +414,8 @@ class ModerateArchive(AuthorizationBase):
def checkAuthenticated(self, user):
return (
user.in_buildd_admin
- or user.in_ppa_admin
- or user.in_commercial_admin
- or user.in_admin
+ or user.in_launchpad_developers
+ or AdminArchive(self.obj).checkAuthenticated(user)
)
diff --git a/lib/lp/soyuz/tests/test_archive.py b/lib/lp/soyuz/tests/test_archive.py
index d366f80..5851aad 100644
--- a/lib/lp/soyuz/tests/test_archive.py
+++ b/lib/lp/soyuz/tests/test_archive.py
@@ -74,6 +74,7 @@ from lp.soyuz.enums import (
ArchivePermissionType,
ArchivePublishingMethod,
ArchivePurpose,
+ ArchiveRepositoryFormat,
ArchiveStatus,
PackageCopyPolicy,
PackagePublishingStatus,
@@ -5804,6 +5805,104 @@ class TestDisplayName(TestCaseWithFactory):
archive.displayname = "My testing packages"
+class TestAuthorizedSize(TestCaseWithFactory):
+ """Tests for Archive.authorized_size"""
+
+ layer = DatabaseFunctionalLayer
+
+ def test_editable(self):
+ archive = self.factory.makeArchive(name="test-ppa")
+ self.assertEqual(8192, archive.authorized_size)
+
+ # unprivileged person cannot edit `authorized_size`
+ login("no-priv@xxxxxxxxxxxxx")
+ self.assertRaises(
+ Unauthorized, setattr, archive, "authorized_size", 1234
+ )
+
+ # launchpad developers can edit `authorized_size`
+ with celebrity_logged_in("launchpad_developers"):
+ archive.authorized_size *= 2
+ self.assertEqual(16384, archive.authorized_size)
+
+
+class TestPrivate(TestCaseWithFactory):
+ """Tests for Archive.private"""
+
+ layer = DatabaseFunctionalLayer
+
+ def test_editable(self):
+ archive = self.factory.makeArchive(name="test-ppa")
+ self.assertEqual(False, archive.private)
+
+ # unprivileged person cannot edit `private`
+ login("no-priv@xxxxxxxxxxxxx")
+ self.assertRaises(Unauthorized, setattr, archive, "private", True)
+
+ # launchpad developers can edit `private`
+ with celebrity_logged_in("launchpad_developers"):
+ archive.private = True
+ self.assertEqual(True, archive.private)
+
+
+class TestPublishingMethod(TestCaseWithFactory):
+ """Tests for Archive.publishing_method"""
+
+ layer = DatabaseFunctionalLayer
+
+ def test_editable(self):
+ archive = self.factory.makeArchive(name="test-ppa")
+ self.assertEqual(
+ ArchivePublishingMethod.LOCAL, archive.publishing_method
+ )
+
+ # unprivileged person cannot edit `publishing_method`
+ login("no-priv@xxxxxxxxxxxxx")
+ self.assertRaises(
+ Unauthorized,
+ setattr,
+ archive,
+ "publishing_method",
+ ArchivePublishingMethod.ARTIFACTORY,
+ )
+
+ # launchpad developers can edit `publishing_method`
+ with celebrity_logged_in("launchpad_developers"):
+ archive.publishing_method = ArchivePublishingMethod.ARTIFACTORY
+ self.assertEqual(
+ ArchivePublishingMethod.ARTIFACTORY, archive.publishing_method
+ )
+
+
+class TestRepositoryFormat(TestCaseWithFactory):
+ """Tests for Archive.repository_format"""
+
+ layer = DatabaseFunctionalLayer
+
+ def test_editable(self):
+ archive = self.factory.makeArchive(name="test-ppa")
+ self.assertEqual(
+ ArchiveRepositoryFormat.DEBIAN, archive.repository_format
+ )
+
+ # unprivileged person cannot edit `repository_format`
+ login("no-priv@xxxxxxxxxxxxx")
+ self.assertRaises(
+ Unauthorized,
+ setattr,
+ archive,
+ "repository_format",
+ ArchiveRepositoryFormat.PYTHON,
+ )
+
+ # launchpad developers can edit `repository_format`
+ with celebrity_logged_in("launchpad_developers"):
+ archive.repository_format = ArchiveRepositoryFormat.PYTHON
+ self.assertEqual(
+ ArchiveRepositoryFormat.PYTHON, archive.repository_format
+ )
+
+
class TestSigningKeyPropagation(TestCaseWithFactory):
"""Signing keys are shared between PPAs owned by the same person/team."""
